Alfresco Webscript Authorization

Alfresco webscripts is one of the powerful tools for integrating alfresco repository with other systems (portal, CMS or web applications).

Now whenever we are integrating two different systems we always come across security concerns. Because on one side where we need to expose repository to other system, on the other side we also need to make sure those set of webscripts are secure enough to be protected from unauthorized access.

We can define different levels of security on alfresco webscript description file.

Guest Access

Alfresco webscript access is available to any alfresco user with minimal guest user access.

To define Guest access we need to specify following tag within description file. Normally we require this in intranet sites where back-end contents are managed by alfresco.

< Authentication> guest</Authentication>

Admin Access

If we want to give webscript access to only those users who have admin credential (part of alfresco administrator group). We need to specify following line in webscript descriptor file. Normally this is the case when we want alfresco contents to be very secure and there is only single point of interaction between alfresco and external application

< Authentication> admin</Authentication>

No Authorization required

If we want to make webscript public accessible to everyone, which is normally require incase of public sites. We need to specify following line in webscript descriptor file.

< Authentication> none</Authentication>

Summary: This knowledge is very essential in case you are integrating alfresco using webscript. I will explain different ways of consuming alfresco webscripts in upcoming posts.

Author Spotlight

mitpatoliya

I love opensource technologies working with those technologies from the time I have stepped in to the Software Industry. Alfresco CMS is my area of expertise. I have worked on various complex implementations which involved integration of Alfresco with other technologies, extensively worked with JBPM workflows and Webscripts.